Skip to content

Commit

Permalink
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Browse files Browse the repository at this point in the history 
After the erdma_cep_put(new_cep) being called, new_cep will be freed,
and the following dereference will cause a UAF problem. Fix this issue.

Fixes: 920d93e ("RDMA/erdma: Add connection management (CM) support")
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Cheng Xu <chengyou@linux.alibaba.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
  • Loading branch information
Cheng Xu authored and Leon Romanovsky committed Mar 6, 2025
1 parent 0b27b0e commit 8343768
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion drivers/infiniband/hw/erdma/erdma_cm.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -709,7 +709,6 @@ static void erdma_accept_newconn(struct erdma_cep *cep)
erdma_cancel_mpatimer(new_cep);

erdma_cep_put(new_cep);
new_cep->sock = NULL;
}

if (new_s) {
Expand Down

0 comments on commit 8343768

Please sign in to comment.